github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-25 10:23:14 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/management/index-patterns.asciidoc
gchaps 3c80ea22eb
[DOCS] Improves Management section in docs (#56669) 
* [DOCS] Improves Management section in docs

* [DOCS] Fixes build error

* [DOCS] Incorporates review comments in management docs
2020-02-06 09:16:32 -08:00

99 lines
3.9 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[index-patterns]]
== Creating an index pattern
To explore and visualize data in {kib}, you must create an index pattern.
An index pattern tells {kib} which {es} indices contain the data that
you want to work with.
Once you create an index pattern, you're ready to:
* Interactively explore your data in <<discover, Discover>>.
* Analyze your data in charts, tables, gauges, tag clouds, and more in <<visualize, Visualize>>.
* Show off your data in a <<canvas, Canvas>> workpad.
* If your data includes geo data, visualize it with <<maps, Maps>>.
[float]
[[index-patterns-read-only-access]]
=== [xpack]#Read-only access#
If you have insufficient privileges to create or save index patterns, a read-only
indicator appears in Kibana. The buttons to create new index patterns or save
existing index patterns are not visible. For more information, see <<xpack-security-authorization>>.
[role="screenshot"]
image::images/management-index-read-only-badge.png[Example of Index Pattern Management's read only access indicator in Kibana's header]
[float]
[[settings-create-pattern]]
=== Create an index pattern
If you are in an app that requires an index pattern, and you don't have one yet,
{kib} prompts you to create one. Or, you can go directly to
*Management > Kibana > Index Patterns*.
[role="screenshot"]
image:management/index-patterns/images/rollup-index-pattern.png["Menu with rollup index pattern"]
[float]
==== Standard index pattern
Just start typing in the *Index pattern* field, and {kib} looks for
the names of {es} indices that match your input. Make sure that the name of the
index pattern is unique.
To include system indices in your search, toggle the switch in the upper right.
[role="screenshot"]
image:management/index-patterns/images/create-index-pattern.png["Create index pattern"]
Your index pattern can match multiple {es} indices.
Use a comma to separate the names, with no space after the comma. The notation for
wildcards (`*`) and the ability to "exclude" (`-`) also apply
(for example, `test*,-test3`).
If {kib} detects an index with a timestamp, youre asked to choose a field to
filter your data by time. If you dont specify a field, you wont be able
to use the time filter.
[float]
==== Rollup index pattern
If a rollup index is detected in the cluster, clicking *Create index pattern*
includes an item for creating a rollup index pattern.
You can match an index pattern to only rolled up data, or mix both rolled
up and raw data to explore and visualize all data together.
An index pattern can match
only one rollup index.
[float]
[[management-cross-cluster-search]]
==== {ccs-cap} index pattern
If your {es} clusters are configured for {ref}/modules-cross-cluster-search.html[{ccs}], you can create
index patterns to search across the clusters of your choosing. Using the
same syntax that you'd use in a raw {ccs} request in {es}, create your
index pattern with the convention `<cluster-names>:<pattern>`.
For example, to query {ls} indices across two {es} clusters
that you set up for {ccs}, which are named `cluster_one` and `cluster_two`,
you would use `cluster_one:logstash-*,cluster_two:logstash-*` as your index pattern.
You can use wildcards in your cluster names
to match any number of clusters, so if you want to search {ls} indices across
clusters named `cluster_foo`, `cluster_bar`, and so on, you would use `cluster_*:logstash-*`
as your index pattern.
To query across all {es} clusters that have been configured for {ccs},
use a standalone wildcard for your cluster name in your index
pattern: `*:logstash-*`.
Once an index pattern is configured using the {ccs} syntax, all searches and
aggregations using that index pattern in {kib} take advantage of {ccs}.
[float]
[[reload-fields]]
=== Manage your index pattern
To drill down into the fields and associated data types in an index pattern,
click its name in the *Index patterns* overview page.
For more information, refer to <<managing-fields, Index Patterns and Fields>>.
Reference in a new issue View git blame Copy permalink